While a business continuity plan (BCP) should be focused on
restoring the financial institution's ability to do business,
regardless of the nature of the disruption, different types of
disruptions may require a variety of responses in order to resume
operations. Many types of disasters affect not only the financial
institution but also the surrounding community. The human element
can be unpredictable in a crisis situation, and it should not be
overlooked when developing a BCP since employees and their families
could be affected as significantly as, or more significantly than,
the institution. Therefore, institution management should consider
various internal and external threats and determine the impact they
may have on the entire institution, including employees. While the
type and severity of internal and external threats may be different
for each financial institution, this section discusses four primary
categories of threats that should be considered when developing the
BCP. These threats include malicious activity, natural disasters,
technical disasters, and pandemics.

Malicious Activity

Fraud, Theft, or Blackmail

Since fraud, theft, or blackmail may be perpetrated more easily
by insiders, implementation of employee awareness programs and
computer security policies is essential. These threats can cause
the loss, corruption, or unavailability of information, resulting
in a disruption of service to customers. Restricting access to
information that may be altered or misappropriated reduces
exposure. The institution may be held liable for release of
sensitive or confidential information pertaining to its customers;
therefore, appropriate procedures to safeguard information are
warranted.

Sabotage

Personnel should know how to handle intruders, bomb threats, and
other disturbances. The locations of critical operation
centers should not be publicized, and the facilities should be
inconspicuous. A disgruntled employee may try to sabotage
facilities, equipment, or files. Therefore, personnel
policies should require the immediate removal from the premise of
any employee reasonably considered a threat and the immediate
revocation of their computer and facility access privileges.
Locked doors, motion detectors, guards, and other controls that
restrict physical access are important preventive measures.

Vandalism and Looting

Vandalism and looting represent a threat because individuals
often seek financial gain by exploiting security weaknesses exposed
during an emergency or disaster situation. In the event of an
area-wide disaster, the financial institution's security staff may
be unable to reach the damaged facility and it may be difficult to
obtain services from outside security personnel without prior
notification. Therefore, management should address these potential
threats before a disaster occurs by implementing alternate security
measures to protect both the physical and logical assets of the
financial institution.

Terrorism

The risk of terrorism is real and adequate business continuity
planning is critical for financial institutions in the event a
terrorist attack occurs. Some forms of terrorism (e.g., chemical or
biological contamination) may leave facilities intact but
inaccessible for extended periods of time. The earlier an attack is
detected, the better the opportunity for successful treatment and
recovery. Active monitoring of federal and state emergency warning
systems, such as those of FEMA and the Centers for Disease Control
(CDC), should be considered.

Terrorism is not new, but the likelihood of disruption and
destruction continues to increase. The loss of life, total
destruction of facilities and equipment, and emotional and
psychological trauma to employees can be devastating. Collateral
damage can result in the loss of communications, power, and access
to a geographic area not directly affected by the attack.

Terrorist attacks can range from bombings of facilities to
cyber-attacks on the communication, power, or financial
infrastructures. The goal of cyber-terrorism is to disrupt the
functioning of information and communications systems.
Unconventional attacks could also include the use of chemical,
biological, or nuclear material. Bio-terrorists may employ
bacterial or viral agents with effects that are delayed, making
prevention, response, and recovery problematic. While the
probability of a full-scale nuclear attack is remote, it is
necessary to address the readiness to deal with attacks on nuclear
power plants and industries using nuclear materials and for attacks
initiated by means of "dirty" nuclear devices, which are weapons
combining traditional explosives with radioactive materials..

Natural Disasters

Fire

A fire can result in loss of life, equipment, and data.
Data center personnel must know what to do in the event of a fire
to minimize these risks. Instructions and evacuation plans
should be posted in prominent locations, should include the
designation of an outside meeting place so personnel can be
accounted for in an emergency, and should provide guidelines for
securing or removing media, if time permits. Fire drills
should be periodically conducted to ensure that personnel
understand their responsibilities. Fire alarm boxes and
emergency power switches should be clearly visible and
unobstructed.

All primary and back-up facilities should be equipped with heat
or smoke detectors. Ideally, these detectors should be
located in the ceiling, in exhaust ducts, and under raised
flooring. Detectors situated near air conditioning or intake
ducts that hinder the build up of smoke may not trigger the
alarm. The emergency power shutdown should deactivate the air
conditioning system. Walls, doors, partitions, and floors
should be fire-resistant. Also, the building and equipment
should be grounded correctly to protect against electrical
hazards. Lightning can cause building fires, so lightning
rods should be installed as appropriate. Local fire
inspections can help in preparation and training.

Given government regulations to control ozone depletion, Halon
fire suppression systems are being replaced with alternative fire
suppressant systems. Current systems utilize clean agents and
include Inergen, FM-200, FE-13, and carbon dioxide.
Additionally, dry pipe sprinkler systems are being used that
activate upon detection of a fire and fill the pipe with water only
when required. Consequently, the risk of water damage from
burst pipes may be minimized. These systems should be the
staged type, where the action triggered by a fire detector permits
time for operator intervention before it shuts down the power or
releases fire suppressants. Personnel should know how to
respond to these automatic suppression systems, as well as the
location and operation of power and other shut-off valves.
Waterproof covers should be located near sensitive equipment in the
event that the sprinklers are activated. Hand extinguishers
and floor tile pullers should be placed in easily accessible and
clearly marked locations. The extent of fire protection
required depends on the degree of risk an institution is willing to
accept and local fire codes or regulations.

Floods and Other Water Damage

A financial institution that locates an installation in or near
a flood plain exposes itself to increased risk and should take the
necessary actions to manage that level of exposure. As water
seeks the lowest level, critical records and equipment should be
located on upper floors, if possible, to mitigate this risk.
Raised flooring or elevating the wiring and servers several inches
off the floor can prevent or limit the amount of water
damage. In addition, institutions should be aware that water
damage could occur from other sources such as broken water mains,
windows, or sprinkler systems. If there is a floor above the
computer or equipment room, the ceiling should be sealed to prevent
water damage. Water detectors should be considered as a way
to provide notification of a problem.

Severe Weather

A disaster resulting from an earthquake, hurricane, tornado, or
other severe weather typically would have its probability of
occurrence defined by geographic location. Given the random
nature of these natural disasters, institutions located in an area
that experiences any of these events should consider including
appropriate scenarios in their business continuity planning
process. In instances where early warning systems are
available, management should implement procedures prior to the
disaster to minimize losses.

Air Contaminants

Some disasters produce a secondary problem by polluting the air
for a wide geographic area. Natural disasters such as flooding can
also result in significant mold or other contamination after the
water has receded. The severity of these contaminants can affect
air quality at an institution and even result in evacuation for an
extended period of time. Business continuity planning should
consider the possibility of air contamination and provide for
evacuation plans and the shut down of HVAC systems to minimize the
risks caused by the contamination. Additionally, consideration
should be given to the length of time the affected facility could
be inoperable or inaccessible.

Hazardous Spill

Some financial institutions maintain facilities close to
chemical plants, railroad tracks, or major highways used to
transport hazardous materials. A leak or spill can result in
air contamination, as described above, chemical fires, as well as
other health risks. Institutions should make reasonable
efforts to determine the types of materials being produced or
transported nearby, obtain information about the risks each may
pose, and take steps to mitigate such risks.

Technical Disasters

Communications Failure

The distributed processing environment has resulted in an
increased reliance on telecommunications networks for both voice
and data communications with customers, employees, electronic
payment system providers, affiliates, vendors, and service
providers. Financial institutions lacking diversity in their
telecommunications infrastructures may be susceptible to single
points of failure in the event a disaster disrupts their critical
systems.

Customers

Customer reliance on institutions for account information
creates a critical need for timely recovery of communications
systems. Institutions should establish alternate forms of
communication in the event local phone systems become inoperable
including a plan for how customers will be advised of alternate
means to contact the institution. One alternative form of voice
communication involves the use of voice over Internet protocol
(VoIP), which is the transmission of phone conversations through
the Internet or Internet protocol networks. VoIP technologies also
operate on both wireless Internet and cellular networks. While VoIP
may become a viable solution when local phone systems are
inoperable and the Internet is accessible and functioning,
management should realize that preplanning may be required to
ensure timely implementation of this technology.

Employees

In addition to restoring data communication lines with
customers, restoration of communications with employees is also
critical to any BCP. To make it easier for employees to
contact the institution during a disaster, management could
distribute pre-established toll-free phone numbers to
employees. This method of communication would enable
employees to report their status using a centralized location and
obtain current information about operational restoration.

Calling trees may prove useless during an area-wide disaster
since employees may have evacuated to unknown locations and
standard telecommunications systems may be inoperable. Therefore,
as an alternative to voice landlines, institutions should consider
text messaging via cell phones, wireless personal digital
assistants, two-way radios or satellite phones, text-based pagers,
corporate and public e-mail systems, and Internet based instant
messaging systems. In addition, secure connections may be
established through a virtual private network (VPN) using a
standard Internet connection and a laptop computer. Management
should also ensure they have an adequate supply of batteries to
operate the wireless devices and laptop computers.

Electronic Payment System Providers

Communications failures with electronic payment system providers
may prevent the use of electronic forms of payment, such as debit
and credit cards and electronic funds transfers. Therefore,
cash needs become critical when customers and employees do not have
access to funds electronically, and cash is in short supply during
an area-wide disaster. It may be difficult to obtain
additional supplies of cash and take delivery of sensitive
documents when transportation and telecommunications services are
limited. As such, management should carefully analyze funding
needs if they anticipate, or when they become aware of, a pending
disaster to ensure that liquidity needs are met in a timely
manner.

Affiliates, Vendors, and Service Providers

The restoration of communication with affiliates, vendors, and
service providers is also paramount to the timely recovery of an
institution. Alternate methods of communication and
procedures for accessing, downloading, and uploading information
should be pre-established with the institution's technology service
providers, correspondents, affiliates, and third-party vendors to
ensure continuity of service.

Power Failure

The loss of power can occur for a variety of reasons, including
storms, fires, malicious acts, brownouts, and blackouts and may
result in widespread failure of the power grid and inoperable power
distribution centers. A power failure could result in the
loss of computer systems; lighting, heating and cooling systems;
and security and protection systems. Additionally, power
surges can occur as power is restored, and without proper planning,
can cause damage to equipment. As a means to control this
risk, voltage entering the computer room should be regulated to
prevent power fluctuations. In the event of power failure,
institutions should use an alternative power source, such as an
uninterruptible power supply (UPS), gasoline, kerosene, natural
gas, or diesel generators. A UPS is essentially a collection
of standby batteries that provide power for a short period of
time. When selecting a UPS, an institution should make sure
that it has sufficient capacity to provide ample time to shut down
the system in an orderly fashion and ensure that no data is lost or
corrupted. Some UPS equipment can initiate the automated shut
down of systems without human intervention.

If processing time is more critical, an organization may arrange
for a generator, which will provide power to at least the mission
critical equipment during extended power outages. Management
should maintain an ample supply of fuel on hand, such as propane,
natural gas, or diesel fuel, and arrange for replenishment.
One potential advantage of natural gas is that it is supplied by a
pipeline, avoiding the need to ship it in and maintain it
onsite. It is important to note that if a disruption is
significant enough it may result in the inability to obtain
additional fuel. Further, fuel pumps and delivery systems may
not be operable. Therefore, proper planning involves careful
consideration of which equipment and facilities should be powered
up and whether certain operations should be scaled back.

It is also important to ensure that alternative power supplies
receive periodic maintenance and testing to maintain
operability. Moreover, management should discuss with local
authorities the ordinances relative to the location of generators
and the storage and delivery of fuel.

Equipment and Software Failure

Equipment and software failures may result in extended
processing delays and/or the inability to implement the BCP.
The performance of preventive maintenance enhances system
reliability and should be extended to all supporting equipment,
such as temperature and humidity control systems and alarm or
detecting devices.

Transportation System Disruptions

Financial institutions should not assume regional or national
transportation systems will continue to operate normally during a
disruption. Air traffic or trains may be halted by natural or
technical disasters, malicious activity, or accidents. In instances
of area-wide disasters, delivery of essential services may be
diverted for humanitarian and other emergency efforts. This can
adversely affect cash distribution, fuel delivery, check clearing,
and relocation of staff to back-up sites. Institutions should
investigate the option of using private, ground-based carriers
(e.g., messenger services, trucking companies, bus companies) to
ensure the continuation of these vital functions.

Water System Disruptions

Essential necessities, such as water, could be limited or
non-existent during a disaster. HVAC systems may be dependent
upon water to operate, and initial supplies of drinking water for
employees may be quickly exhausted or difficult to find since new
shipments may be delayed due to transportation problems.
Institutions should plan for potential disruptions in water
services by determining the impact of such a disruption on business
operations and maintaining adequate reserves on hand.